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SPECIFICATION 



METHOD AND SYSTEM FOR PROTECTING CREDIT CARD 



TRANSACTIONS 



CROSS-REFERENCE TO RELATED APPLICATION 

[001] Priority is claimed from provisional application no. 60/197,005 filed 
13 April 2000, which is incorporated herein by reference. 

FIELD OF THE INVENTION 

[002] The invention relates to financial transactions initiated and executed 
with devices that create payments by passing account information, such as so-called 
credit cards, charge cards, and debit cards (for the sake of clarity, these kinds of 
devices will be referred to herein as "credit cards" and the transactions executed 
with them will be referred to as "credit card transactions"). The invention, more 
particularly, provides a method and apparatus for processing credit card transactions 
in a secure way. Vendors and providers (sellers) of all types are referred to herein 
as "merchants" and purchasers of every kind and nature are referred to herein as 
"consumers". 

[003] The invention is particularly useful, for example, for processing credit 
card transactions initiated and executed electronically (for example, telephonically 
or over the Internet), where the information transmitted becomes vulnerable at the 
time it is passed and remains vulnerable indefinitely afterward. The invention also 
may be used effectively for processing credit card transactions when they are not 
conducted electronically (e.g., at a cash register or checkout station in a store or 
other point of sale). 
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BACKGROUND OF THE INVENTION 



[004] The Internet has provided a major mechanism for the conduct of 

commerce, already used by millions of consumers and thousands of companies, E- 
commerce is growing at explosive rates and now accounts for many billions of 
dollars in transactions. A large percentage of consumer goods and services sold on 
the Internet are paid for electronically with credit cards. In the early days of credit 
cards, credit card purchases were processed relying on authorizations that were 
confirmed by the written signatures of credit cardholders. As the concept of credit 
card buying evolved, telephonically initiated purchases began to flow. Vouchers for 
these purchases started to be prepared by personnel in the employ of the merchants, 
with the account numbers communicated to them by the purchasers verbally. As 
transactions moved away from written signature based authorizations, the card 
issuers experienced new challenges. 

Evolving Problems With Credit Card Transactions 

[005] For example, documentation of purchases based on unsigned vouchers 

is generally not as indisputable as signed vouchers. Cardholders could make a 
purchase verbally, then declare that they received the wrong merchandise, or even 
that they hadn't agreed to the purchase at all. To deal with this problem, credit card 
issuers took steps that included developing policies, revising their credit card 
agreements, and increasing staffing to handle these kinds of inquiries and 
complaints. 

[006] Opportunities for cardholders to cry "foul" will likely multiply as the 
volume of e-transactions multiplies. Also, with vast amounts of credit card 
information transmitted on the Internet, some cardholders will discover new 
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opportunities to "beat" the system for their own purposes. Similarly, the potential 
for increases in the incidence of misunderstandings that occur when merchants 
make errors or act improperly will also be enlarged. Problems with credit card theft, 
fraud, misuse and abuse have always posed a source of substantial expense and 
inconvenience to the credit card industry, merchants and legal authorities. The 
Internet has the power to significantly magnify these problems, and to cause serious 
new concern and fear to consumers. As long as valid credit card information is 
transmitted in the public domain, it will be vulnerable to illegal interception by 
criminals. The information is often vulnerable to misuse by its intended recipients, 
and to illegal access from their storage devices and other records. 

[007] Some of the complaints will not be lodged until after unexpected debits 
appear cardholders' monthly statements. All of the complaints will have to be sorted 
out and some will require serious investigations. Some will be resolvable and many 
others will result in costly write-offs. Current laws afford certain protection to 
cardholders after they report their card stolen, but if their account numbers are 
stolen they will not be able to report it until they are aware of it. If they don't find 
out until they receive their monthly statements, serious damage may have already 
been done to a merchant, a cardholder, a card issuer, or any or all of these. 

Credit Card Agreements; The Cardholders' Interests 

[008] Customarily, credit card agreements endeavor to protect the cards' 
issuers to the maximum extent allowed by law. Many cardholders do not read or 
understand the agreements they authorize by using their credit cards. Such 
agreements might, for example, include terms such as "If you permit any person to 
have access to your card or account number with the authorization to make a 
charge, you may be liable for all charges made by that person, including charges 



you may not have intended to be liable for." It is not unreasonable to assume that to 
the card issuer "may be responsible" means "will be responsible, unless current law 
clearly absolves the cardholder of that responsibility." Other credit card agreements 
might include terms such as, for example, "Charges include any purchase or cash 
advance in which you have evidenced an intent to incur a charge, regardless of 
whether you have signed a charge form." 

Credit Card Agreements: The Card Issuers' Interests 

[009] "Standard" credit card agreements contain a (statutory) clause 
specifying that cardholders are liable for a maximum of $50.00 in the event of 
unauthorized use of credit cards. As a result of the proliferation of the Internet, the 
potential for unauthorized usage of credit cards continues to grow rapidly. As long 
as valid credit card numbers are transmitted over this public domain, this risk is 
bound to be increasingly problematic. The number of purchases processed 
electronically, without signed authorizations or card imprints, is increasing 
explosively. As this trend continues, discerning unauthorized use from authorized 
use becomes increasingly difficult. It is well known that security is the largest 
single concern that exists in connection with the cyberspace infrastructure. Credit 
cards will not be reported lost by those whose account numbers have been 
compromised until they become aware of it. 

Credit Card Agreements: Statutory 

[010] Credit card agreements often also contain a section titled "Special 

Rules For Credit Card Purchases", which reads something like the following: 

"If you have a problem with the quality of property or services 
that you purchased with a credit card, you may have the right not to 
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pay the remaining amount due on the property or services. There are 
two limitations on this right: 

a) You must have made the purchase in your home state, or if 
not within your home state, within 100 miles of your current mailing 
address; and 

b) The purchase price must have been more than $50." 

The "right not to pay" that a cardholder "may" have, clearly is not granted 
summarily by the card issuers. Since Internet based merchants often do not publish 
information about their locations, difficulties resolving these matters are likely to be 
exacerbated. 

Merchants' Difficulties With Credit Card Sales 

[Oil] Merchants release inventory to buyers every day on the strength of 

credit card approval codes provided by the credit card issuers. The merchant wishes 
to avoid "charge backs" whenever possible. When a buyer charges merchandise the 
"brick and mortar" way, the merchant has an opportunity to obtain a signed voucher 
offering evidence that the cardholder received the merchandise and that he had 
participated in the transaction. In "brick and mortar" type transactions, the merchant 
can take steps to try to identify the cardholder as the person he holds himself out to 
be. But often the merchant depends on a cashier who is under time pressure and not 
highly trained or qualified to verify the identification of a purchaser. E-commerce 
transactions, almost always paid with credit cards, are usually charged back to a 
merchant when a cardholder claims a fraud occurred and refuses payment. This 
problem has grown so large that some merchants have claimed to experience losses 
from e-commerce charge backs that actually exceeded their successful sales. 
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The Cost Is Borne By Consumers 

[012] The final price tag for these problems and abuses is ultimately borne 
by the consumer. In the final analysis, the consuming public bears the cost of each 
and every loss. They also bear all of the costs associated with the administration 
done by the credit card issuers (often to protect their own interests.). These costs are 
ultimately added to the price of the goods and services consumers purchase, or to 
the interest and other charges they pay for the privilege and convenience of paying 
with credit cards. Consumers also bear the cost of continual research and 
development done in efforts to find ways to better secure the infrastructure. Much 
of this expense finds its way into the monthly access charges people pay to their 
Internet service providers. As taxpayers, the public also pays the price tag 
associated with law enforcement and the penal system. 

[013] As the e-commerce explosion progresses, the costs of dealing with 

these problems could rapidly become prohibitive. E-commerce itself will suffer if 
too many cardholders become hesitant to transmit their account numbers over the 
public domain. This fear is bound to grow as the problems with security in 
cyberspace become more obvious to the public at large. Though millions of dollars 
are being invested into research for methods to better secure the infrastructure, 
gifted teenagers seem to be able to keep pace with (sometimes outwitting) the 
experts. So desperate is the security issue that job offers have come to youngsters 
who have illegally penetrated the computer networks of major corporations and 
even the U.S. Government. In terms of the credit card industry and their insurance 
carriers, a practical method of keeping the "honest people honest and the criminals 
away", would be credible and highly valuable. The savings realized by merchants, 
consumers, and potentially law enforcement authorities could be so widespread and 
vast that it would be difficult to measure. 
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[014] Both "brick and mortar" merchants and E-merchants could benefit 
from better means to confirm the identities of cardholders. With no chance of 
personal interaction with their buyers, E-merchants would derive a great deal of 
additional benefit if the orders they receive on line could be accurately validated. 
Consumers could also benefit from additional confidentiality associated with their 
credit card account numbers. Thus, there is a long felt but unsolved need to flexibly 
support credit card and other financial transactions over less-than-completely secure 
environments such as the Internet. 

SUMMARY OF THE INVENTION 

[015] The present invention provides, in accordance with one of its aspects, a 

concept that enables the complete processing of an e-commerce transaction without 
transmitting a credit card account number, or any other number that may be used by 
a merchant to authorize the transfer of funds. The invention thus provides 
technqiues for enabling merchants and credit card issuers to do business with each 
other while retaining the customer's credit card account number within the domains 
of only a small number of entities, e.g. the cardholder, the card issuer, and an 
information clearing center that may belong to the card issuer or be separate of it. 

[016] Briefly, the present invention provides systems and methods that 

protect transaction information by not assembling it until after all transmissions 
through public domains have been completed. Each completed package of 
information (i.e., the information required before card issuers process transactions) 
is assembled from its components which are created and transmitted as the 
associated transaction progresses. None of these components (or pieces) of 
information has value in isolation because the assembly of components is needed to 
complete the transaction. 
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[017] An e-commerce transaction may be initiated and proceed as a standard 

e-purchase. As such a transaction progresses, the purchaser may view it much in the 
same way as the transactions he is accustomed to, with only minor variations in the 
application procedure he experiences. As the purchaser steps through the purchase, 
various elements of information can be transmitted to different IP addresses over 
the Internet or other channel. There is no need to hide them beyond presently used 
standard Internet (e.g., "SSI" encrypted) connections. 

[0181 In more detail, one aspect provided by the exemplary embodiments of 
the present invention supplies a method of conducting secure payment transactions 
between consumer and merchant comprising: 

• generating a unique transaction identifier associated with and identifying a 
transaction between the consumer and the merchant. 

• communicating said transaction identifier in lieu of the consumer's credit card 
account identifier; 

• authenticating said communicated transaction identifier; 

• associating the transaction identifier with the consumer' s credit card account; 
and 

• effecting payment from the consumer to the merchant through use of said 
consumer's credit card account. 

[019] In some preferred example embodiments, the merchant generates said 
transaction identifier and communicates it to a third party transaction facilitator. 
The third party transaction facilitator may comprise an information clearing center 
and/or the issuer of said consumer's credit card account. The transaction identifier 
can be communicated over the Internet. Authentication may be based on a 
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consumer pass code and/or a digital signature or other certification. The associating 
step may be performed after a database lookup. 

[020] In accordance with another aspect provided by the invention, a system for 
conducting secure payment transactions between consumer and merchant 
comprises: 

• equipment at the merchant that generates a transaction identifier associated with 
and identifying a transaction between the consumer and the merchant and 
communicates said transaction identifier to a transaction facilitator in lieu of the 
3 consumer' s credit card account identifier; 

« • equipment at the transaction facilitator that authenticates said communicated 
J transaction identifier and associates the transaction identifier with the 
] consumer's credit card account; and 

3 • payment fulfillment equipment that effects payment from the consumer to the 
I merchant through use of said consumer' s credit card account. 

3 [021] In preferred embodiments, merchants use a web server or other equipment 
and channels to generate said transaction identifier and communicate it to the 
transaction facilitator. The transaction facilitator may include a web server, a 
firewall, and an offline computer coupled to the web server through the firewall. 
The transaction facilitator may include a secure database that maps transaction 
identifiers and consumer pass codes into credit card account authorizations. The 
authenticating equipment may be responsive to digital signatures or other 
certifications. 

[022] The present invention thus provides a concept that enables processing 
of an e-commerce credit card transaction without transmitting the credit card 
account number that helps to solve or eliminates at least the following problems: 
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[023] 1. Preventing credit card information that is pirated, stolen, or 

simply lost from being used by criminals and unauthorized persons. The present 
invention provides a capability of squelching illegal and unauthorized use of credit 
card accounts. The capability is equally effective for Internet based and "in person" 
transactions and may be applied to either type. 

[024] 2. Avoiding processing of credit card charges without sufficient 

verification of the transactions associated with those charges. Validation of the 
transactions is available as a result of "transactional evidencing." 

[025] The present invention may also create a new obstacle and deterrence 
against those who would attempt certain criminal behavior. 

[026] The preferred embodiments of the present invention provide what can 

be called "PATH" (an acronym for "Payment Approval and Transactional 
History"). Unlike customary efforts to solve security breaches resulting in 
obtaining information fraudulently and illegally vis-a-vis the Internet, the 
exemplary embodiments of the present invention take advantage of already 
available technology to accomplish the full security and provide the currently 
unavailable assurance that is so badly needed to enable e-commerce transactions to 
take place with the highest level of safety. The preferred embodiments' mechanism 
solves the problem by removing it rather than trying to overpower it. 

[027] In accordance with one aspect of the invention, an operation is initiated 

when a transaction is processed. The operation may be engaged by the credit 
cardholder (the party rendering a payment) when he agrees to and engages in a 
transaction. For example, he may click an icon on his computer or other appliance 
(or another key if one is set up for the purpose). When used to assist with 
transactions conducted at a physical site, the site may have a card reader the 
customers may "swipe" or "dip" with their own credit cards, and a keypad that 
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cardholders "punch" with their personal identifier codes when they are comfortable 
with the level of privacy available. To initiate a "telephonically" arranged 
transaction, the cardholder might "punch" his code on the keypad on his telephone, 
cell phone or other portable device. Before this takes place, the order taker (human 
or electronic procedure) may connect him to a circuit that is isolated from the order 
taker. Therefore it may be said that the cardholder or consumer is the primary 
operator and that a sales clerk, cashier, or order taker may sometimes assist the 
consumer by providing or connecting him with the controls used to make the 
system operate. 

[028] "Transactional Evidencing" provided by an aspect of the invention 

embodies a method of reliably and securely producing the following information at 
the time a transaction is initiated: 

a. Evidence demonstrating that the purchaser is indeed the cardholder 
(or his agent) and not an imposter; 

b. The cardholder's assertion that he has had the opportunity to review 
the order he placed and agreed to the purchase as confirmed by the merchant; 
and 

c. Cardholder's assertion that he authorizes charges to be placed 
against his credit card. 

[029] In accordance with a further aspect of the preferred embodiments, the 
merchant is unable to unilaterally submit for payment; and only the cardholder is 
able to submit for payment of the merchant. 

[030] Currently, third party proxy service arrangements are often used as a 

shield by unsavory merchants as a means to continue relationships with card issuers 
that have terminated or otherwise do not approve of these merchants. Preferred 
embodiments of the present invention provide credit card issuers with the 
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opportunity to retain their ability to know which merchants they are doing business 
with, and to exclude them if they wish. In the exemplary models, the customer 
requests payment — which effectively removes the kinds of problems that generally 
compel the issuers to exclude undesirable merchants in the first place. 

[031] Preferred embodiments of the invention offer additional advantages, 
such as for example: 

I. Reliable Transaction Security & Squelching Unauthorized 
Credit Card Usage 

[032] Credit card issuers process electronic transactions for merchants they 
deal with. The exemplary embodiments of the invention allow them to process 
those transactions while keeping the credit card account information completely out 
of both public domains and domains controlled by the merchant. For example, 
method and apparatus can limit distribution of the cardholder's credit card number 
to only (a) the cardholder, and (b) the card issuer and/or an information clearing 
center where that cardholder has registered his information. As a result, in the 
exemplary embodiments, the invention effectively accomplishes the following: 

A. Disables hackers who monitor the Internet with the intent of 
obtaining credit card information belonging to users of the invention. 

B. Enables cardholders to make purchases with their card accounts 
without risk of pirates and hackers obtaining their account numbers. 

C. Renders credit card information belonging the cardholders useless 
without their consent. 

D. Prevents hackers from retrieving credit card information from 
merchants' servers and their databases. 
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E. Prevents merchants and their employees (present and previous) 
from placing unauthorized charges against a card account intentionally or 
by error. 

F. In one embodiment, even if the physical card is lost, the card 
number will not enable unauthorized persons to use the account in person 
or electronically. 

II. Transactional Evidencing 

[033] In addition, the preferred embodiments are able to supply credible 
evidence of each transaction. This type of information is useful to the credit card 
issuers when disputes arise, and also the merchants and cardholders. The 
transactional evidence can also be used to prevent and/or settle litigation. As one 
example, reliable transactional evidencing can be produced for transactions 
conducted over the Internet. By transactional evidencing, each exemplary 
embodiment accomplishes the following: 

1 Produces Evidence Of The Purchaser's Intent To Purchase 
[034] Providing credible documented evidence of the cardholder's intent to 
purchase confirmed by the cardholder. 

2. Produces Evidence Of The Validity Of The Order 
[035] Providing credible evidence to validate that the order was 

acknowledged and confirmed by the cardholder and may provide a description 
and/or other information concerning what was purchased. This confirmation is 
especially important if the payment is for a service or subscription that is delivered 
electronically because, unlike merchandise, no delivery receipt is returned to the 
merchant. 
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[036] The exemplary embodiments of the present invention provide, in 
another aspect, a method of performing a financial transaction involving: 

• a credit card issuer that has issued a credit card to the purchaser 

• an information clearing center with: 

1. a private credit card database, and 

2. a web or other server to collect information that may 
be accessed by the private credit card database through an 
internal private connection; 

• a credit card with an associated credit card identifier such as a credit card 
account number (primary identifier) that is registered with the credit card 
database; 

• a purchaser of goods or services who possesses an additional identifier(s) 
(such as a personal password and/or customer ID #) that is registered with 
the credit card database (e.g., at the information clearing center and/or 
directly with the card issuer or its subsidiary or agent); and 

• a provider of goods or services 

[037] In accordance with this aspect of the invention, the merchant's invoice 
numbers or other identifiers take the place of the credit card account numbers to 
build a secure system of unique, one-session transactions while retaining card 
account numbers private. For example, when a transaction is agreed between a 
provider and the purchaser, the purchaser informs the provider that a preferred 
embodiment transaction facilitating entity such as a clearing center will be used to 
arrange payment, and does not pass his credit card account number to the provider. 
The purchaser communicates knowledge of the transaction to the transaction 
facilitating entity and passes the additional identifier(s) to it. The private credit card 
database retrieves the knowledge of the purchase and the purchaser's personal 
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identifier ID. This may be done, for example, using a web server and an internal 
private connection. The private credit card database performs a mapping operation, 
using the purchaser's additional identifier(s) to link the knowledge of the 
transaction to the credit card's primary identifier. The information is then securely 
transmitted to the credit card issuer, or a clearing system of the credit card issuers. 
The credit card issuer arranges payment to the provider, who never obtains or 
receives the credit card's primary identifier (account #) or any ability to submit it 
for payment. 

§ BRIEF DESCRIPTION OF THE DRA WINOS 

J [038] These and other features provided in accordance with the present 
J invention will be better and more completely understood by referring to the 
s following detailed description of presently preferred example embodiments in 
3 conjunction with the drawings of which: 

* [039] Figure 1 shows an overall example embodiment of the invention; 
; [040] Figure 2a, 2b & 2c are example transaction flow diagrams; 

[041] Figures 3-7 are example information flow diagrams; and 

[042] Figure 8 shows an example transaction system. 

DETAILED DESCRIPTION OF 
PRESENTLY PREFERRED EXAMPLE EMBODIMENTS 

[043] Figure 1 shows an example embodiment of the invention. The diagram 
shows four example participants to a credit card transaction: 

• merchant 10, 

• card holder 20, and 
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• a transaction facilitator entity 30 and/or 40. 

[044] In the example embodiment, transaction facilitator entity 30 and/or 40 
may comprise, for example, a credit card issuer 30 and/or an information clearing 
center 40 (which may, for example, be operated by a third party). In the example 
embodiment diagrammed in figure 2a, issuer 30 and clearing center 40 are separate 
entities. In the embodiments diagrammed in figure 2b & 2c, they are the same 
entity, or one is the agent of or is otherwise associated with the other. 

[045] Internet connections, other types of digital or other communications 
connections, or others may be used to connect the merchant 10 with the card holder 
20, the issuer 30 with the merchant 10, and the merchant 10 and/or the card holder 
20 with the information clearing center 40. A secure connection (e.g., a private 
wire line or other secure communications link) preferably connects the information 
clearing center 40 with the credit card issuer 30. 

[046] To perform a transaction, a card holder 20 places an order with the 

merchant 10 and transmits a notification (such as a number or other identifier 
known to merchants and consumers, identifying a certain card issuer) in lieu of full 
credit card information. In at least one example embodiment, placing the order and 
transmitting the notification is performed via a server-client session over the 
Internet such as between a merchant 10 web server and a card holder's web 
browser. Since the notification is not confidential information (used simply to 
advise the merchant how payment will be processed), it can be transmitted over the 
Internet without taking any special security precautions (e.g., only standard Internet 
security levels such as SSL secure sessions or, in some embodiments, insecure 
sessions, are used or needed). 

[047] In response to the cardholder's order, the merchant 1 0 issues an 
identifier such as an invoice number with two components: a number or other value 
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that identifies the merchant, and the merchant's own internal invoice number or 
other identifier. The merchant 10 transmits this information to the cardholder 20 
with an order confirmation. 

[048] The cardholder 20 receives this information, and transmits the 

identifier (e.g., invoice number) to the information clearing center 40, which then 
requests the cardholder's personal identifier (e.g., his passcodes). These 
transmissions can be performed over the Internet in many examples. The payment 
information clearing center 40 may include a separate web site to receive 
transaction data from (cardholder/clients-20). 

[049] In preferred embodiments, the information clearing center 40 
maintains a private credit card database 42 of all of its cardholder/clients. Each 
card-holder/client has personal identifier information and associated credit card 
number stored in the database 42. The credit card number identifies the client's 
credit card account, and can be used to place charges against his credit account. The 
private database 42 is highly secure, and is not accessible from the Internet in the 
exemplary embodiments. 

[050] When the information center's web server 40 receives from a 

cardholder 20 the invoice number and cardholder's personal identifier information 
(e.g., over the web via its web site), the information clearing center 40's private 
database 42 retrieves this information from the web server. The private database 
performs a mapping between the client's personal identifier information and his 
credit card account number. The private database 42 and associated computer may 
then electronically transmit information concerning the transaction to the card 
issuer 30 -- this information including the credit card account number. Since this 
information is highly confidential, the information clearing center 40 in at least one 
embodiment uses a highly secure communication channel (e.g., a private wire line 
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or a telephone line not connected to the Internet and therefore immune to Internet 
hacking) to transfer the information to the card issuer 30. The information clearing 
center 40 may also pass other transaction information to the credit card issuer 30 
(e.g., the merchant's invoice number, merchant identification information, amount 
to charge the credit card account, etc.). 

[051] When the card issuer 30 receives the payment authorization including 
the cardholder's credit card account number from the information clearing center 
40, it may transmit a payment confirmation number back to the information clearing 
center 40. It further transmits a payment authorization to the merchant 10 - which 
payment authorization includes the transaction identifier (i.e., merchant's invoice 
number) but not the credit card account information. The issuer 30 may also 
transmit payment to the merchant without releasing any credit card account 
numbers or other information. 

[052] As will be understood, in the preferred embodiment, the only 
transmission of the card holder 20' s credit card number is from the information 
clearing center 40's private database 42 computer to the credit card issuer 30. This 
transmission is, in this example, via a highly secure connection that cannot be 
hacked. The credit card number is thus, in this example, never exposed to the 
merchant 10, but delivered to the card issuer without exposure to the Internet' and is 
never transmitted over the Internet in this specific example-- even though most of 
the transaction may take place over the Internet. Thus, the exchanges between the 
merchant and the cardholder is similar to the methods they are used to, but the 
variations provide a new level of security - and the basis on which payments are 
exchanged in these kinds of transactions has been recreated into a new form to 
provide a security level that never before was available. 
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More Detailed Example Embodiments 



[053] Figures 2a, 2b, & 2c: TRANSACTION FLOW DIAGRAMS 

2a: Transaction Facilitator is only an information clearing center, a 
separate entity from any card issuer. 

2b: Transaction Facilitator is an entity wherein the information clearing 
center and a specific card issuer are combined in a single entity. 

2c: Transaction Facilitator is an entity wherein the information clearing 
center and a specific card issuer are combined in a single entity. This 
embodiment discloses a method of cloaking the consumer's identifying 
information by combining it with the each new transaction identifier. 

Figures 3a-7: EXAMPLE TRANSACTIONS-INFORMATION FLOW DIAGRAMS 

Figures 3a,3b,5,7: Merchant communication/transaction processing is compatible 
with transaction facilitator, (eg: Merchant's transaction software has 
been programmed to perform functions of the invention in communi- 
cation with a particular transaction facilitator who may also be an 
issuer for a particular brand of credit cards. If facilitator is a card 
issuer, merchant will preferably favor the same brand as the trans- 
action facilitator. 

Figures 4,6: Merchant is not programmed to communicate with a transaction 
facilitator, but is able to participate with a consumer to process a 
transaction, transmitting the necessary transaction identifier to him. 

Figures 3a,3b,4: Internet "PC" Type Transaction: Transactional evidence; 
Customer's affirmation based on his review of order confirmation sent by merchant 
(eg: by email). 

Figures 5,6: Internet "PC" Type Transaction: Transactional evidence; Customer's 
affirmation based on his review of order which is displayed to him on line after he 
places the "buy" order (e.g., after he clicks "buy", before he clicks "oktopay") 
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Figure 7: Telephone, cell phone, other portable devices used to place orders or 
affect payment: Transactional evidence; Customer's affirmation based on a verbal 
request or an order "read back" for verbal orders, or in writing for portable devices. 

In each of the above disclosed embodiments, transactions proceed according to its 
specific outline and at the same time, following the overall flow depicted in figure 1. 

The example transactions proceeds as follows: 

[054] 1 . The consumer 20' s credit card account will never be transmitted 

to the merchant in these examples. Instead, the consumer will transmit a notification 
200 (e.g., identifying information known to both the merchant and the consumer) to 
5 the merchant that payment will be arranged by a transaction facilitating entity 30, 
J 40 (Figures 2a,2b, & 2c block 1 10) such as for example an information clearing 
n center. 

~ [055] 2. The merchant 10 will transmit to the consumer 20 an order 
3 confirmation 204 (or an online view or read back of the completed order 206 or 202 
a respectively) with a transaction identifier 208 (such as a number that may be 
i included in the invoice number), which discloses the identity of the merchant 
(Figure 2, block 120). In so-called "brick and mortar" transactions that use a 
physical point of purchase as opposed to a virtual one, the merchant can transmit 
(e.g., over the Internet, telephone lines, or other communications means) the 
customer identifier from a card swiper or other transaction equipment along with a 
transaction identifier (which might be supplied for example from an electronic cash 
register to the card swiper). In such an arrangement, the merchant is prevented 
from recording the consumer's credit card account information. 

[056] 3. If the consumer 20 agrees to the order confirmation, he will 
make his final Internet transmission 212 to the information clearing center 40 
(Figures 2a,2b&2c, block 130). In some example embodiments, this probably will 
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not even occur at the time he placed the order because many merchants require time 
before they send consumers order confirmations, and the consumer may require 
time to review the confirmation. In other examples, it will not occur at the same 
moment due to brief time lapses between the time the consumer 20 places the order 
and the additional steps he takes to initiate the payment. In such embodiments, the 
consumer's final Internet transmission will serve as his affirmation that he has 
reviewed the merchant's confirmation and is in agreement with the transaction. 

[057] In the examples shown, the final Internet destination of all elements 

transmitted by the client 20 of the information created by a transaction is the 
information clearing center 40 (the card issuer 30 if combined with the information 
clearing center 40). Consumers 20 can be clients of the information center 40. They 
will transmit information to the center 40, including for example: 

a. Transaction identifier 208 (e.g., the merchant's 10 combined 
invoice/ID #) or 209 (e.g., a combined transaction/personal 
id); 

b. A password or other authentication value 212 associated with 
or chosen by the consumer 20; 

c. The amount to be charged to consumer's credit card 214; 
and/or 

d. A personal ID code previously registered with the 
information center 40. 

[058] 4. An identifier may also be stored on the consumer's computer by 
the information center 40 (for example, a digital "certificate" is one way to identify 
a sending computer) (Figures 2a block 140 & 2b block 141). The identifying 
information may be dynamically assigned (for example, by assigning a new number 
in each session and used by the information clearing center 40 to identify 
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cardholder/client 20' s computer the next time there is a session). As one example, 
this cardholder/client 20's computer's dynamically assigned ID # may be 
transmitted with the client's identifier information when he requests that a payment 
be arranged from his credit card. 

[059] Clients of the information clearing center may transmit these requests 
by performing an operation such as for example clicking an icon on the screen of an 
Internet or other network capable appliance when a confirmation invoice or online 
order form is in view. 

[060] As the elements of information are collected by the information 
clearing center 40, they are removed from the public domain. Then they are 
assembled by the center's "offline" computers 302 (see Figure 8), which in at least 
one example are not web servers and are not accessible from the Internet. In at least 
one example embodiment, the information center 40 permits the off line computers 
302 to retrieve the information identifying the client from its web site via a back- 
end connection routed through a firewall 304, or another method they deem 
appropriate to give the off-line computer specific immunity from hackers and 
pirates. The off-line computers contain a database 42 where the accounts of the 
clients are registered and stored. The identifier supplied by the client 20 is then 
mapped to his credit card information by a database 20 lookup done by the off-line 
computer 302. The information of the transaction is packaged by the off-line 
computer and transmitted to the card issuer 30 by a payment fulfillment process 306 
(or used directly if the information clearing center 40 and the credit card issuer 30 
are the same entity) or to a clearing system shared by multiple card issuers over a 
"tamperproof" connection (for example, not connected to the Internet at all). Since 
the Internet is not involved in this transmission in these illustrative examples, the 
information is kept secure and is not vulnerable or at risk. The merchant will never 
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see it, nor will any else except the information center 40 and/or the credit card 
issuer 30 who maintain the information in secure locations. 

[061] 5. The merchant 10 may be notified directly by the credit card 

issuer of the approval (or decline) of the credit. The communications medium used 
may be the one in place already (the card processing system), because no credit card 
account number will be transmitted by or to the merchant 10. In the examples 
illustrated in Figures 3-7, he will receive a message 216 including the following in 
their respective illustrative embodiments: 

a. His own transaction identifier 208 (e.g., invoice and/or 
merchant ID number) for identification of each transaction; and 

b. Standard approval code and payment arrangements 218, 220, 
absent the unique part of each card's account number (e.g., only the Card 
Issuer 30 revealing portion of the number will be displayed to the merchant). 

UNDERLYING THEORY 

[062] Picturing public domain (i.e., the Internet) as a domain where major 

battles are being fought against information piracy (the battleground), a battle 
would not be fought if the target (information) could be kept away from the 
battleground and hidden out of view. Information is a moving target. It is 
transmitted across the Internet in packages known as packets. Experts in Internet 
security have placed much focus on building better ways to package and code the 
information while it is transmitted through public domain (e.g., data encryption). 
While better coding methods are helpful and purposeful, this approach, used by 
itself, contains inherent shortcomings: 

[063] 1 . The information can still be decoded. Throughout history, no matter 

what methods or technologies have been developed to code information, ways have 
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been found to "crack" the codes. While some of the computer generated codes of 
modern times are very good, the problem remains. 

[064] 2. Even if the information were transmitted in a format that could not 
be deciphered, generally accepted methods and procedures used to process on-line 
transactions result in the passing of sensitive information to places where it is 
vulnerable and accessible by persons who have no actual need for it. This poses a 
risk in every case involving transmission of information useable by the bearer to 
submit for payment. 

[065] The preferred embodiments of the present invention embody two 

theories. The first theorizes about the substance of information, saying that 
information consists of components that may be disassembled and reassembled, and 
that without all of these components assembled correctly the information loses its 
meaning. An analogy would be to say that information is like an aircraft, which is 
also assembled from components, such as the wings, the engines, and the fuel tanks. 
If any of these components is missing or incorrectly installed, the aircraft is 
essentially useless, unable to serve the purpose for which it exists. 

[066] The second is based on the fact that information can't be abused by 

anybody who doesn't have it. If transactions involving the use of information (e.g., 
credit card account information) can be processed without revealing the critical 
portions of that information (e.g.: card account numbers and the identities of the 
cardholders) to anybody who didn't have it before the transaction was initiated, and 
without storing it in places where it was not stored before the transaction was 
initiated, then whatever level of security that existed before the transaction took 
place will not be compromised as a result of the transaction being processed. 

[067] Since each payment request in the exemplary embodiment involves 

submitting information during an interactive session, there is provided an inherent 

24 



deterrent to the "mass production" methods of sophisticated fraudsters. Results 
oriented criminals will prefer to avoid this system, because it is designed to defeat 
the efficiencies they require to operate profitably even if they could know the pass 
codes and other information they would require. "Small time" fraudsters will tend to 
avoid it also. Their perceived risk of capture increases as they realize they are 
communicating interactively with multiple parties, registering information into their 
computers and accepting messages from those they wish to cheat. 

[068] While the invention has been described in connection with what are 

presently considered to be the most practical and preferred embodiments, it is to be 
understood that the invention is not to be limited to the disclosed embodiments. On 
the contrary, the invention is intended to cover various modifications and equivalent 
arrangements included within the scope of the appended claims. For example, the 
information center may be installed at the site of a credit card issuer or even be 
transferred or assigned to such issuer. As another example, the invention shall 
include new methods/technologies (e.g., advances in Internet and networking 
security) as they become available. 
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